Privacy and Terms
Privacy - Introduction
Spontaneous Insight is a provider of vital information that helps businesses, non-profit organizations, and federal, state and local governments reduce fraud, mitigate risk, facilitate smarter decisions, and make society safer, while protecting consumer privacy.
Our Privacy Guidelines apply to Personally Identifiable Information,1 which includes Sensitive Personally Identifiable Information,2 collected, maintained, used or disseminated by Spontaneous Insight in delivering information products and services through any Spontaneous Insight company or line of business.
Protecting privacy is a Spontaneous Insight priority. Many of our products are already subject to important privacy protections provided by federal and state laws, such as the Fair Credit Reporting Act and its state law counterparts. We give careful attention to our privacy policies which we review and change, from time to time, as necessary and appropriate. To underscore our fundamental commitment to privacy and our vision that good privacy is good business -- for Spontaneous Insight, for our customers and for consumers -- we have adopted the following Privacy Guidelines.
1Individually identifiable information from or about an individual consumer including, but not limited to: (a) a first and last name or first initial and last name; (b) a home or other physical address, which includes at least street name and name of city or town; (c) an email address; (d) a telephone number; (e) a Social Security number; (f) credit and/or debit card information, including credit and/or debit card number with expiration date; (g) date of birth; (h)a driver’s license number; or (i) any other information from or about an individual consumer that is combined with (a) through (h) above.
2Information owned or licensed by Spontaneous Insight that consists of an individual’s first name or first initial and last name, in combination with any one or more of the following data elements, when either the name or data elements are not encrypted: (1) driver’s license or state identification number; (2) social security number; or (3) account numbers (such as bank, credit or debit card numbers) when combined with any required security code, access code, or password that would permit access to an individual’s financial account.
We strive to collect, maintain, use and disseminate Personally Identifiable Information in proper, appropriate and respectful ways defined by laws, regulations and policies, while balancing and considering individual, societal and organizational interests. We promote the use of Personally Identifiable Information to help make decisions in a manner that is fair and based on merit and that also takes into account the individual’s privacy interests.
We strive to protect the privacy of Personally Identifiable Information obtained over the Internet and apply our Privacy Guidelines and evolving standards to the online environment.
Sensitive Personally Identifiable Information
We strive to provide additional safeguards for Sensitive Personally Identifiable Information, which presents the highest risk of being misused for identity theft or fraud.
We strive to collect, maintain, use and disseminate Personally Identifiable Information, when doing so benefits the consumer, improves public safety, reduces fraud, improves risk management, facilitates the delivery of goods or services, or improves the quality of our services and products.
We strive to assure that every source we use is reputable and reliable. We believe in public access to public records and we believe that public record access nourishes values that are critical to the vitality of our democracy.
Data Quality, Correction and Dispute Resolution
We strive to disseminate Personally Identifiable Information that is accurate, timely and complete. We also strive, as appropriate and practicable, to provide opportunities for consumers to dispute and correct information we report.
We strive to protect Personally Identifiable Information, which we maintain or disseminate so it is not obtained by unauthorized individuals or used in unauthorized ways. We strive to know that our customers are legitimate and verify that they have an appropriate and lawful purpose for obtaining information. We continue implementing and updating security safeguards, as appropriate.
We strive to help consumers avoid identity theft and, when identity theft occurs, to mitigate any adverse consequences. It is important that consumers who may have had their Sensitive Personally Identifiable Information acquired by an unauthorized individual be notified as follows. Where a state law requires notice, we comply with the law.
Privacy and Security Statement
Spontaneous Insight respects your privacy. Web servers are generally capable of collecting, storing, and analyzing a variety of information about those who visit the site. Our goal is to keep all information collected at this website confidential and secure and to use it only for purposes for which it was intended or to improve the quality of the web service we provide. To inform you of our policies, we provide the following detailed information about our data collection processes.
In some cases, Spontaneous Insight contracts with commercial services for specific web services, generally related to financial transactions, and links to their sites for those transactions. If you are redirected to another site, something other than, privacy and security are governed by the policies of those services and are documented by those sites. We do attempt to ensure that those policies conform in general to Spontaneous Insight’s policies, as outlined below.
What information does Spontaneous Insight collect on its Web site?
We collect personal information (such as name, address, phone, e-mail address) only if you provide it to us voluntarily through e-mail, registration forms, information request forms or surveys, or otherwise. Personal information is kept confidential and will not be disclosed to third parties except as may be required by law. Credit card information and social security numbers are only collected for specific purposes where the information is required for the transaction.
Cookies are pieces of information that a web site transfers to an individual’s computer hard drive for recordkeeping purposes. Official Spontaneous Insight web pages will not issue "cookies" to anyone who visits those web pages, except for the purpose of remembering log-in information or user preferences. Cookies will never store private information but will only reference such information elsewhere. In those cases, cookies are used only to record security keys with limited lifetimes for your convenience in accessing other secured pages.
Our web server software automatically logs the following information each time someone visits our website: date, time, Client IP, Server IP, web browser, URLs of page requested and referring page, among others. We use the information gathered to help us improve our website.
What does Spontaneous Insight do with the personal information collected on this Web site?
Certain personal information is used to provide information back to you. We do not and will not sell your personal information to anyone. Certain postal information may be provided to our mailing service that handles the distribution of materials and announcements.
What does Spontaneous Insight do to safeguard personal information on this site?
We have instituted safeguards to check that our internal procedures meet our high policy standards. Only authorized employees have access to the information you provide us.
Internet communication security in general
The privacy of communication over the Internet cannot be guaranteed because the Internet is not a secure medium. Spontaneous Insight does not assume any responsibility for any harm, loss or damage you may experience or incur by the sending of personal or confidential information over the Internet by or to Spontaneous Insight.
What should I do if I have questions?
Spontaneous Insight Agreement For Service
This Agreement (the "Agreement") is entered into by and between Spontaneous Insight Inc. (hereinafter referred to as “we”, “us” or “Spontaneous Insight”), its applicable subsidiaries and affiliated companies, and any user, individual/consumer or business of our services (hereinafter referred to as “you” or "Customer"). Affiliate shall mean any business entity that provides a service to or with Spontaneous Insight.
Depending on the services you enjoy, certain terms and conditions apply to the information we provide.
For all services provided by us to both individuals and businesses, the following terms and conditions apply:
The Site and the information contained therein in no way grant any license or right to use any Mark displayed on the Site. Customers are strictly prohibited from using the Marks displayed on the Site or any other content on the Site, except as provided in this Agreement for Service. Downloading of material displayed on the Site is limited to non-commercial, Customer use only. The content of the Site cannot be used, posted, sold, transmitted, distributed, modified or transferred for public or commercial purposes, without the written permission of Spontaneous Insight.
Use of and browsing in the Site are at Customer’s risk. Without limiting the foregoing, everything on the Site is provided "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. Some jurisdictions may not allow the exclusion of implied warranties; therefore, some of the above exclusions may not apply.
Spontaneous Insight makes no representations whatsoever about any other web site which may be accessed through this Site. Access to an independent, non-Spontaneous Insight web site is outside Spontaneous Insight’s control. In addition, a link to a non-Spontaneous Insight web site does not mean we endorse or accept any responsibility for the content, or the use, of such web site. Spontaneous Insight assumes no responsibility, and shall not be liable for, any damages to, or viruses that may infect, the computer equipment or other property of Customer arising from or related to access to, use of, or browsing in the Site or the downloading of any materials, data, text, images, video, or audio from the Site by you. IN NO EVENT WILL SPONTANEOUS INSIGHT, ITS AFFILIATES, ITS AGENTS OR ANY OTHER PARTY INVOLVED IN CREATING, PRODUCING OR DELIVERING THE SITE, BE LIABLE TO ANY PARTY FOR ANY DIRECT, INDIRECT, EXEMPLARY, PUNITIVE, SPECIAL OR OTHER CONSEQUENTIAL DAMAGES FOR ANY USE OF THIS WEB SITE, OR ON ANY OTHER LINKED SITE, INCLUDING, WITHOUT LIMITATION, ANY LOST PROFITS, BUSINESS INTERRUPTION, LOSS OF PROGRAMS OR OTHER DATA ON USERS' INFORMATION HANDLING SYSTEM OR OTHERWISE, EVEN IF SPONTANEOUS INSIGHT IS EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Spontaneous Insight provides services to both individuals and businesses, collectively described as “Customers” herein. Spontaneous Insight is not an insurer and merely provides a service where information and data is transmitted between third party sources and the Customer. As such, all Customers agree to indemnify and hold Spontaneous Insight, its affiliated companies, and the officers, agents, employees, and independent contractors harmless of any and all expenses, attorney’s fees, loss, harm, wrongdoing, wrongful use or damage resulting from the procurement, use, mishandling, illegal act or inaction, or publication by Customer, or the employees or agents of the Customer, of any information received from Spontaneous Insight, including, but not limited to Background Report information contrary to the terms of this Agreement or contrary to state/federal law or regulation. Such indemnification shall survive the termination of Customer’s use of Spontaneous Insight’s services to the extent permitted by applicable state or federal law.
With respect to personally identifiable information regarding individuals, the Parties further agree as follows: Spontaneous Insight has adopted the "Spontaneous Insight Privacy Guidelines" ("Guidelines") recognizing the importance of appropriate privacy protections for an individual’s data and Customer agrees that Customer (including its directors, officers, employees or agents) will comply with the Guidelines or Customer's own comparable privacy principles, policies, or practices. Spontaneous Insight's Privacy Guidelines are available at www.spontaneous-insight.com/privacy_and_terms.php
In the event that Customer learns or has reason to believe that Spontaneous Insight data has been disclosed or accessed by an unauthorized party, Customer will immediately give notice of such event to Spontaneous Insight. Furthermore, in the event that Customer has access to or acquires individually identifiable information (e.g., social security numbers, driver's license numbers or dates of birth) in relation to the Agreement, the following shall apply: Customer acknowledges that upon unauthorized acquisition of such individually identifiable information (a "Security Event"), Customer shall, in compliance with law, notify the individuals whose information was disclosed that a Security Event has occurred. Also, Customer shall be responsible for any other legal obligations which may arise under applicable law in connection with such a Security Event.
These Terms and Conditions are subject to revision at any time by an update to this posting. Such revisions are binding upon any Customer of this Site. As a result, all Customers should routinely visit this page to review the then current Terms and Conditions to which they are bound. Notwithstanding the foregoing, Customers shall be bound by our Terms and Conditions for a period of three (3) years after each unique use of our Services.
California and federal law will govern the terms of our Services and your use. The invalidity or unenforceability of any one provision of this Agreement shall not impair the validity and enforceability of the remaining provisions.
Our obligation to perform under this Agreement shall be excused during each period of delay caused by matters beyond our reasonable control, including without limitation, government regulation or law, war, acts of terrorism or insurrection, civil commotion, destruction of production facilities or material by earthquake, fire, flood, storm or other natural disaster, labor disturbances, epidemic or failure of suppliers, public utilities or common carriers.
The failure of either party to insist on prompt performance of their duties shall not constitute a waiver of that duty.
By using the Spontaneous Insight Services as described here and made available, Customer agrees that Spontaneous Insight can communicate with Customer via facsimile and electronic mail. Customer clearly represents direct knowledge of the facts stated above and that Customer is authorized to execute this Agreement on behalf of him/herself and/or the company listed above.
All users subject to the Federal Trade Commission's jurisdiction must comply with all applicable regulations, including regulations promulgated after this notice was prescribed in 2004. Information about applicable regulations currently in effect can be found at the Commission's Web site, www.ftc.gov/credit.
ADDITIONAL TERMS AND CONDITIONS FOR BUSINESS CUSTOMERS:
When a business Customer enjoys or plans to order from Spontaneous Insight, certain services for employment purposes, which include Consumer Reports and Investigative Consumer Reports as defined under the federal Fair Credit Reporting Act ("FCRA") (collectively, "Background Reports") and Spontaneous Insight provides such Background Reports, then we agree as follows:
(a) Comply with all U.S. laws applicable to the making of Background Reports for employment purposes, including the FCRA.
(b) Follow reasonable procedures to assure maximum possible accuracy of the information reported, subject to Paragraph 2(c) below, and reinvestigate if requested by the Customer without further charge if the information was incorrect.
(c) Disclose, upon request from the verified individual who is the subject of the Background Report (the "Individual"), the information reported, reinvestigate any information disputed by the Individual at no charge to our Customer and take any necessary corrective action with the Individual and the Customer.
In addition, if our Customer is a business, you agree to do the following:
(a) Keep all Background Reports, whether oral or written, strictly confidential and restrict the use of the information in the Background Reports by Customer and its authorized personnel to employment purposes. No information from Background Reports will be given or resold to any other "person," “entity” or "user". Subject to Section (b) above, if the Individual, or his or her representative, requests Background Report information, that person may be referred to Spontaneous Insight for disclosure under the FCRA or other applicable laws.
(b) If applicable, Customer shall comply with the Vermont Fair Credit Reporting Act, 9 V.S.A. SS 2480e, by securing the written consent of the Consumer prior to ordering a consumer report on a Vermont resident.
(c) Recognizing that information in Background Reports is secured from and processed by fallible sources (human and otherwise) and that for the fee charged Spontaneous Insight cannot be either an insurer or a guarantor of the accuracy of the information reported; Customer releases Spontaneous Insight and its Affiliates and the officers, agents, employees, and independent contractors from any and all liability for any negligence of third party furnishers of information in connection with erroneous information provided by such third parties.
(d) To be responsible for all charges incurred, including applicable fees as well as charges resulting from Customer's errors in inputting data, duplicate requests and errors in transmission. The fees for Background Reports exclude out of pocket expenses such as registry fees, school transcripts, court fees, state fees, and telephone 900# fees to verify employment or education, and fees for the Services exclude any applicable taxes. Spontaneous Insight reserves the right to revisit any Background Report fee if (i) regulatory changes result in an increase of the charges for services; or (ii) Spontaneous Insight's average disbursement fees/out of pocket expenses should increase by more than ten percent (10%).
(f) If Customer purchases motor vehicle records ("MVRs") from Spontaneous Insight, Customer agrees to the following:
(i) Comply with the federal Driver's Privacy Protection Act and similar state statutes.
(ii) Customer shall not retain or store any Spontaneous Insight provided MVR, or portions of information contained therein, in any database or combine such information with data in any other database, provided that, Customer may keep a copy of a Applicants MVR in the Applicants personnel file.
(iii) As requested by Spontaneous Insight, Customer shall complete any state forms that Spontaneous Insight is legally or contractually bound to obtain from Customer before serving Customer with state MVRs.
(iv) With regard to Spontaneous Insight provided MVRs originating from the states of New Hampshire, Pennsylvania, Washington, and West Virginia, Customer shall not disseminate or publish personal information contained in such MVRs via the Internet.
(v) Customer shall not publish Virginia MVRs or any information derived from Virginia MVRs via e-mail. However, Customer may disseminate Virginia MVRs via the Internet through use of a secure Internet connection.
(vi) If Customer orders an MVR from the state of Alaska for any purpose, Customer shall obtain the written authorization of the Applicant before ordering such MVR.
(vii) If Customer orders any driver records originating from the State of South Carolina, Customer acknowledges that the person identified in the driver records received from South Carolina are third party beneficiaries to Spontaneous Insight's Information Release Agreement with the South Carolina Department of Public Safety, Division of Motor Vehicles.
(viii) Prior to requesting any MVR from the State of Washington, Customer agrees (i) to obtain from the Consumer a written statement authorizing the release of the MVR and (ii) execute an attestation that the information in the MVR is necessary to determine whether the individual should be employed to operate a school bus or commercial vehicle upon public highways. Spontaneous Insight will provide a copy of the required release and attestation to the Customer. Customer agrees to retain each release and attestation for a period of not less than two (2) years.
(ix) If Customer orders an MVR from the State of Virginia, Customer must retain the Consumer's authorization for at least five (5) years after the date the MVR was requested.
(x) With regard to MVR data originating from the state of West Virginia, Customer shall indemnify the state of West Virginia from any wrongful use of the MVR data.
(g) Customer acknowledges that Spontaneous Insight has provided the "Notice to Users of Consumer Reports", attached hereto as Attachment A, which informs users of consumer reports of their legal obligations under the FCRA.
(h) Notify Spontaneous Insight if Customer changes its name or address.
As a business customer, you certify that:
(a) It shall order Consumer Reports for employment purposes only. In compliance with the FCRA, prior to ordering a report, Customer shall make a clear and conspicuous disclosure in writing to the Individual in a document that consists solely of the disclosure that a Consumer Report may be procured for employment purposes. If the Consumer is a resident of the State of California, the disclosure shall also include the name, address and telephone number of the investigative consumer reporting agency conducting the investigation, the nature and scope of the investigation requested, and a summary of the provisions of SS1786.22 of the California Code. Further, the Customer shall have the individual authorize in writing the procurement of all Consumer Reports. Customer shall not use information contained in a Consumer Report in violation of any applicable federal or state equal employment opportunity law or regulation. The federal Fair Credit Reporting Act imposes criminal penalties - including a fine, up to two years in prison, or both - against anyone who knowingly and willfully obtains information on an individual from a consumer reporting agency under false pretenses, and other penalties for anyone who obtains such consumer information without a permissible purpose.
(b) If Customer chooses to take any adverse action based in whole or in part on the Consumer Report, before taking such adverse action, Customer shall provide the Individual with a copy of the Consumer Report; and, a description in writing of the rights of consumers under the FCRA, as prescribed by the Federal Trade Commission under 15 U.S.C. SS1681g(c)(3).
(c) With regard to Investigative Consumer Reports, as defined in 15 U.S.C. SS1681a(e), it will clearly and accurately disclose to the Individual that an Investigative Consumer Report including information as to his character, general reputation, personal characteristics, and mode of living, whichever are applicable, may be made. The disclosure will be made in writing and mailed or otherwise delivered to the Individual not later than three (3) calendar days after the date on which the report was first requested and will include a summary of the Individual's rights provided for under 15 U.S.C. SS 1681g(c). The disclosure shall also include a statement informing the Individual of his/her right to submit a written request for additional information pursuant to 15 U.S.C. SS 1681d(b), within a reasonable period of time after the receipt by him/her of the foregoing disclosure. Upon receipt of such request, Customer shall disclose in a writing the nature and scope of the investigation, which shall be complete and accurate. The disclosure must be mailed or otherwise delivered to the Individual not later than five (5) calendar days after the date on which the request for additional disclosure was received from the Individual or the date the Customer first requested the report, whichever is the later. Customer shall also comply with the adverse action requirement in subsection b, if applicable.
Business Customer Security Obligations:
Customer agrees to do the following in order to preserve the security of the Services being provided pursuant to this Agreement:
(a) Misuse of Services or Information. Customer agrees to take appropriate measures so as to protect against the misuse and/or unauthorized access of Spontaneous Insight's Services through any methods, including unauthorized access through or to Customer's user identification numbers or passwords ("Account ID's"). Such misuse or unauthorized access shall include any disclosure, release, viewing or other unauthorized access to information such as social security numbers, driver's license numbers or dates of birth. Customer agrees that Spontaneous Insight may temporarily suspend Customer's access for up to fifteen (15) business days pending an investigation of Customers use or access. Customer agrees to cooperate fully with any and all investigations. If any misuse or unauthorized access is found, Spontaneous Insight may immediately terminate this Agreement without notice or liability of any kind.
(b) Customer Account Maintenance. Customer is responsible for the administration and control of Account ID's by its employees and third parties, and shall identify a security administrator to coordinate with Spontaneous Insight. Customer shall manage all Account ID's, and notify Spontaneous Insight promptly if any Account ID becomes inactive or invalid. Customer shall follow the policies and procedures of Spontaneous Insight with respect to account maintenance as may be communicated to Customer from time to time.
Business Customers (and its employees) are and shall remain an independent contractor(s) to us. Neither party is authorized to assume or create an obligation or responsibility, express or implied, on behalf of, or in the name of, the other party or to bind the other party in any manner. Spontaneous Insight shall have the right to conduct periodic audits of Customer's compliance with this Agreement and applicable law. In addition, certain third party vendors, such as departments of motor vehicles and credit bureaus, require the right to audit Customer either directly or through Spontaneous Insight. The scope and frequency of any audit shall be at the reasonable discretion of Spontaneous Insight but will be subject to requirements imposed by third party vendors. Spontaneous Insight will provide reasonable notice prior to conducting any audit provided that Spontaneous Insight has received reasonable notice from any third party vendor involved in the audit process. Any violations discovered as a result of such audit may be cause for immediate action by Spontaneous Insight, including, but not limited to, immediate termination of this Agreement. Spontaneous Insight shall have the right to reveal the existence of this Agreement and the terms or conditions thereof in any Spontaneous Insight publication, advertising, publicity release or sales presentation regardless of the medium.
Commission's jurisdiction should consult with their regulators to find any relevant regulations.
NOTICE TO BUSINESS USERS OF CONSUMER REPORTS:
OBLIGATIONS OF BUSINESS USERS UNDER THE FCRA
The Fair Credit Reporting Act (FCRA), 15 U.S.C. 1681-1681y, requires that this notice be provided to inform users of consumer reports of their legal obligations. State law may impose additional requirements. The text of the FCRA is set forth in full at the Federal Trade Commission's Website at www.ftc.gov/credit. At the end of this document is a list of United States Code citations for the FCRA. Other information about user duties is also available at the Commission's Web site. Users must consult the relevant provisions of the FCRA for details about their obligations under the FCRA.
The first section of this summary sets forth the responsibilities imposed by the FCRA on all users of consumer reports. The subsequent sections discuss the duties of users of reports that contain specific types of information, or that are used for certain purposes, and the legal consequences of violations. If you are a furnisher of information to a consumer reporting agency (CRA), you have additional obligations and will receive a separate notice from the CRA describing your duties as a furnisher.
I. OBLIGATIONS OF BUSINESS USERS OF CONSUMER REPORTS
A. Users Must Have a Permissible Purpose
Congress has limited the use of consumer reports to protect consumers' privacy. All business users must have a permissible purpose under the FCRA to obtain a consumer report. Section 604 contains a list of the permissible purposes under the law. These are:
- As ordered by a court or a federal grand jury subpoena. Section 604(a) (1)
- As instructed by the consumer in writing. Section 604(a) (2)
- For the extension of credit as a result of an application from a consumer, or the review or collection of a consumer's account. Section 604(a)(3)(A)
- For employment purposes, including hiring and promotion decisions, where the consumer has given written permission. Sections 604(a)(3)(B) and 604(b)
- For the underwriting of insurance as a result of an application from a consumer.
Section 604(a) (3) (C)
- When there is a legitimate business need, in connection with a business transaction that is initiated by the consumer. Section 604(a) (3) (F) (i)
- To review a consumer's account to determine whether the consumer continues to meet the terms of the account. Section 604(a)(3)(F)(ii)
- To determine a consumer's eligibility for a license or other benefit granted by a governmental instrumentality required by law to consider an applicant's financial responsibility or status. Section 604(a) (3) (D)
- For use by a potential investor or servicer, or current insurer, in a valuation or assessment of the credit or prepayment risks associated with an existing credit obligation. Section 604(a) (3)(E)
- For use by state and local officials in connection with the determination of child support payments, or modifications and enforcement thereof. Sections 604(a) (4) and 604(a)(5)
In addition, creditors and insurers may obtain certain consumer report information for the purpose of making "prescreened" unsolicited offers of credit or insurance. Section 604(c). The particular obligations of users of "prescreened" information are described in Section VII below.
B. Business Users Must Provide Certifications
Section 604(f) prohibits any person from obtaining a consumer report from a consumer reporting agency (CRA) unless the person has certified to the CRA the permissible purpose(s) for which the report is being obtained and certifies that the report will not be used for any other purpose.
C. Business Users Must Notify Consumers When Adverse Actions Are Taken
The term "adverse action" is defined very broadly by Section 603. "Adverse actions" include all business, credit, and employment actions affecting consumers that can be considered to have a negative impact as defined by Section 603(k) of the FCRA - such as denying or canceling credit or insurance, or denying employment or promotion. No adverse action occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer.
- Adverse Actions Based on Information Obtained From a CRA
If a user takes any type of adverse action as defined by the FCRA that is based at least in part on information contained in a consumer report, Section 615(a) requires the user to notify the consumer. The notification may be done in writing, orally, or by electronic means. It must include the following:
- The name, address, and telephone number of the CRA (including a toll-free telephone number, if it is a nationwide CRA) that provided the report.
- A statement that the CRA did not make the adverse decision and is not able to explain why the decision was made.
- A statement setting forth the consumer's right to obtain a free disclosure of the consumer's file from the CRA if the consumer makes a request within 60 days.
- A statement setting forth the consumer's right to dispute directly with the CRA the accuracy or completeness of any information provided by the CRA.
- Adverse Actions Based on Information Obtained From Third Parties Who Are Not Consumer Reporting Agencies
If a person denies (or increases the charge for) credit for personal, family, or household purposes based either wholly or partly upon information from a person other than a CRA, and the information is the type of consumer information covered by the FCRA, Section 615(b)(1)requires that the user clearly and accurately disclose to the consumer his or her right to be told the nature of the information that was relied upon if the consumer makes a written request within 60 days of notification. The user must provide the disclosure within a reasonable period of time following the consumer's written request.
- Adverse Actions Based on Information Obtained From Affiliates
If a person takes an adverse action involving insurance, employment, or a credit transaction initiated by the consumer, based on information of the type covered by the FCRA, and this information was obtained from an entity affiliated with the user of the information by common ownership or control, Section 615(b)(2) requires the user to notify the consumer of the adverse action. The notice must inform the consumer that he or she may obtain a disclosure of the nature of the information relied upon by making a written request within 60 days of receiving the adverse action notice. If the consumer makes such a request, the user must disclose the nature of the information not later than 30 days after receiving the request. If consumer report information is shared among affiliates and then used for an adverse action, the user must make an adverse action disclosure as set forth in I.C.1 above.
D. Business Users Have Obligations When Fraud and Active Duty Military Alerts are in Files
When a consumer has placed a fraud alert, including one relating to identity theft, or an active duty military alert with a nationwide consumer reporting agency as defined in Section 603(p) and resellers, Section 605A(h) imposes limitations on users of reports obtained from the consumer reporting agency in certain circumstances, including the establishment of a new credit plan and the issuance of additional credit cards. For initial fraud alerts and active duty alerts, the user must have reasonable policies and procedures in place to form a belief that the user knows the identity of the applicant or contact the consumer at a telephone number specified by the consumer; in the case of extended fraud alerts, the user must contact the consumer in accordance with the contact information provided in the consumer's alert.
E. Business Users Have Obligations When Notified of an Address Discrepancy
Section 605(h) requires nationwide CRAs, as defined in Section 603(p), to notify users that request reports when the address for a consumer provided by the user in requesting the report is substantially different from the addresses in the consumer's file. When this occurs, users must comply with regulations specifying the procedures to be followed, which will be issued by the Federal Trade Commission and the banking and credit union regulators. The Federal Trade Commission's regulations will be available at www.ftc.gov/credit.
F. Business Users Have Obligations When Disposing of Records
Section 628 requires that all users of consumer report information have in place procedures to properly dispose of records containing this information. The Federal Trade Commission, the Securities and Exchange Commission, and the banking and credit union regulators have issued regulations covering disposal. The Federal Trade Commission's regulations may be found at www.ftc.gov/credit.
II. CREDITORS MUST MAKE ADDITIONAL DISCLOSURES
If a person uses a consumer report in connection with an application for, or a grant, extension, or provision of, credit to a consumer on material terms that are materially less favorable than the most favorable terms available to a substantial proportion of consumers from or through that person, based in whole or in part on a consumer report, the person must provide a risk-based pricing notice to the consumer in accordance with regulations to be jointly prescribed by the Federal Trade Commission and the Federal Reserve Board.
Section 609(g) requires a disclosure by all persons that make or arrange loans secured by residential real property (one to four units) and that use credit scores. These persons must provide credit scores and other information about credit scores to applicants, including the disclosure set forth in Section 609(g)(1)(D) ("Notice to the Home Loan Applicant").
III. OBLIGATIONS OF BUSINESS USERS WHEN CONSUMER REPORTS ARE OBTAINED FOR EMPLOYMENT PURPOSES
A. Employment Other Than in the Trucking Industry
If information from a CRA is used for employment purposes, the user has specific duties, which are set forth in Section 604(b) of the FCRA. The user must:
- Make a clear and conspicuous written disclosure to the consumer before the report is obtained, in a document that consists solely of the disclosure, that a consumer report may be obtained.
- Obtain from the consumer prior written authorization. Authorization to access reports during the term of employment may be obtained at the time of employment.
- Certify to the CRA that the above steps have been followed, that the information being obtained will not be used in violation of any federal or state equal opportunity law or regulation, and that, if any adverse action is to be taken based on the consumer report, a copy of the report and a summary of the consumer's rights will be provided to the consumer.
- Before taking an adverse action, the user must provide a copy of the report to the consumer as well as the summary of consumer's rights. (The user should receive this summary from the CRA.) A Section 615(a) adverse action notice should be sent after the adverse action is taken.
An adverse action notice also is required in employment situations if credit information (other than transactions and experience data) obtained from an affiliate is used to deny employment.
Section 615(b) (2)
The procedures for investigative consumer reports and employee misconduct investigations are set forth below.
B. Employment in the Trucking Industry
Special rules apply for truck drivers where the only interaction between the consumer and the potential employer is by mail, telephone, or computer. In this case, the consumer may provide consent orally or electronically, and an adverse action may be made orally, in writing, or electronically. The consumer may obtain a copy of any report relied upon by the trucking company by contacting the company.
IV. OBLIGATIONS WHEN INVESTIGATIVE CONSUMER REPORTS ARE USED
Investigative consumer reports are a special type of consumer report in which information about a consumer's character, general reputation, personal characteristics, and mode of living is obtained through personal interviews by an entity or person that is a consumer reporting agency. Consumers who are the subjects of such reports are given special rights under the FCRA. If a business user intends to obtain an investigative consumer report, Section 606 requires the following:
- The user must disclose to the consumer that an investigative consumer report may be obtained. This must be done in a written disclosure that is mailed, or otherwise delivered, to the consumer at some time before or not later than three days after the date on which the report was first requested. The disclosure must include a statement informing the consumer of his or her right to request additional disclosures of the nature and scope of the investigation as described below, and the summary of consumer rights required by Section 609 of the FCRA. (The summary of consumer rights will be provided by the CRA that conducts the investigation.)
- The user must certify to the CRA that the disclosures set forth above have been made and that the user will make the disclosure described below.
- Upon the written request of a consumer made within a reasonable period of time after the disclosures required above, the user must make a complete disclosure of the nature and scope of the investigation. This must be made in a written statement that is mailed, or otherwise delivered, to the consumer no later than five days after the date on which the request was received from the consumer or the report was first requested, whichever is later in time.
V. SPECIAL PROCEDURES FOR EMPLOYEE INVESTIGATIONS
Section 603(x) provides special procedures for investigations of suspected misconduct by an employee or for compliance with Federal, state or local laws and regulations or the rules of a self-regulatory organization, and compliance with written policies of the employer. These investigations are not treated as consumer reports so long as the employer or its agent complies with the procedures set forth in Section 603(x), and a summary describing the nature and scope of the inquiry is made to the employee if an adverse action is taken based on the investigation.
VI. OBLIGATIONS OF USERS OF MEDICAL INFORMATION
Section 604(g) limits the use of medical information obtained from consumer reporting agencies (other than payment information that appears in a coded form that does not identify the medical provider). If the information is to be used for an insurance transaction, the consumer must give consent to the user of the report or the information must be coded. If the report is to be used for employment purposes - or in connection with a credit transaction (except as provided in regulations issued by the banking and credit union regulators) - the consumer must provide specific written consent and the medical information must be relevant. Any user who receives medical information shall not disclose the information to any other person (except where necessary to carry out the purpose for which the information was disclosed, or as permitted by statute, regulation, or order).